Building an Extensible Open vSwitch Datapath

The virtual switch is the cornerstone of the today's virtualized data center. As all traffic to and from virtual machines or containers must pass through a vSwitch, it is the ideal location for network configuration and policy enforcement. The bulk of Open vSwitch functionality is platform-agnostic and portable. However the datapath, which touches every packet, is unique to each supported platform. Maintaining each datapath requires duplicated effort and the result has been inconsistent support of features across platforms. Even on a single platform, the features supported by a particular kernel version can vary. Further, datapath functionality must be broadly useful which prevents having application-specific features in the fast path. eBPF, extended Berkeley Packet Filter, enables userspace applications to customize and extend the Linux kernel's functionality. It provides flexible platform abstractions for network functions, and is being ported to a variety of platforms. This paper describes the design, implementation, and evaluation of an eBPF-based extensible OVS datapath. The eBPF OVS datapath delivers the equivalent functionality of the existing OVS kernel datapath, while significantly reducing development pain points around maintainability and extensibility. We demonstrate that these benefits don't necessarily have a trade off in regards to performance, with the eBPFbased datapath showing negligible overhead compared to the existing kernel datapath.